Getting rid of ACLs....

In an ongoing effort to reduce cost I would like to know if there is a RESCENT way to use an LDAP server to authenticate Windows and Linux (Ubuntu 12.10) machines on a network. And can that work in parallel with an AD Server

I can't get rid of Windows (because of the accounting program), but trying to reduce it by using Samba, webapps that don't need Windows and give user kiosk system and authenticate workstation user that only use docs and spreadsheet to on a LDAP server... the goal is to reduce the need of CALs @ 40 something $ a pop. But I still need global authentication, startup scripts and a way to force GPO into those script as user logs on.